![](https://seccdn.libravatar.org/avatar/1ae92035c03829e23a08fda96a78b309.jpg?s=120&d=mm&r=g)
Hi, How can I track user's shell command history even if he or she set HISTSIZE=0 in his or her .profile, the last shell startup script file? Even better, is there any way to set global history to track all users in just one file with format USERNAME TIMESTAMP COMMAND. I read all about Bash shell, it's history, shell invocation, startup files, but I didn't find solution for that. I have some bad guys on some servers, and I want to be well informed what they are doing, because I already catch them doing very bad things. :-( Thanks for any suggestion. -- Ivan Gustin, ivan@elin.hr, (098) 366-346 ELIN Elektronika i informatika, www.elin.hr, (052) 623-491 Lindarska cesta 1, 52000 Pazin -- Ovaj mail provjeren je antivirusnim programom ESET NOD32 prilikom prolaska kroz mail server. This mail has been scanned by antivirus software ESET NOD32 during passing through mail server.
![](https://seccdn.libravatar.org/avatar/27baa448681c4a5c26d14d8f44fbe635.jpg?s=120&d=mm&r=g)
On Tue, 18 Mar 2003 12:42:07 +0100
"Ivan Gustin"
Hi,
How can I track user's shell command history even if he or she set HISTSIZE=0 in his or her .profile, the last shell startup script file? Even better, is there any way to set global history to track all users in just one file with format USERNAME TIMESTAMP COMMAND. I read all about Bash shell, it's history, shell invocation, startup files, but I didn't find solution for that.
I have some bad guys on some servers, and I want to be well informed what they are doing, because I already catch them doing very bad things. :-(
You could go to http://grsecurity.net and get their patches for the kernel. You can log everything they do, but the logging may bog down your server. -- use Perl; #powerful programmable prestidigitation
![](https://seccdn.libravatar.org/avatar/d70f8a8240c69007852b9d1bf27e170b.jpg?s=120&d=mm&r=g)
* Ivan Gustin (ivan@elin.hr) [030318 03:51]:
How can I track user's shell command history even if he or she set HISTSIZE=0 in his or her .profile, the last shell startup script file? Even better, is there any way to set global history to track all users in just one file with format USERNAME TIMESTAMP COMMAND. I read all about Bash shell, it's history, shell invocation, startup files, but I didn't find solution for that.
You want process accounting. Install the acct package and see /usr/share/doc/packages/acct. I think there's also a howto.
I have some bad guys on some servers, and I want to be well informed what they are doing, because I already catch them doing very bad things. :-(
userdel -- -ckm
participants (3)
-
Christopher Mahmood
-
Ivan Gustin
-
zentara